AWS Security ChangesHomeSearch

AWS transfer high security documentation change

Service: transfer · 2025-10-01 · Security-related high

File: transfer/latest/userguide/gateway-api-tutorial.md

Summary

Added security guidance about disabling API Gateway caching for authentication requests

Security assessment

Duplicate security documentation added about caching risks in authentication flows. Prevents potential authentication bypass or failures through misconfiguration.

Diff

diff --git a/transfer/latest/userguide/gateway-api-tutorial.md b/transfer/latest/userguide/gateway-api-tutorial.md
index ca1df98d8..d6852cfd0 100644
--- a//transfer/latest/userguide/gateway-api-tutorial.md
+++ b//transfer/latest/userguide/gateway-api-tutorial.md
@@ -91,0 +92,13 @@ To improve security, you can configure a web application firewall. AWS WAF is a
+###### Do not enable API Gateway caching
+
+Do not enable caching for your API Gateway method when using it as a custom identity provider for Transfer Family. Caching is inappropriate and invalid for authentication requests because:
+
+  * Each authentication request is unique and requires a live response, not a cached response
+
+  * Caching provides no benefits since Transfer Family never sends duplicate or repeated requests to the API Gateway
+
+  * Enabling caching will cause the API Gateway to respond with mismatched data, resulting in invalid responses to authentication requests
+
+
+
+